I am making a website where users can create posts and include images/videos, where the reference to the image/video path gets stored in the database and the actual images/videos are uploaded to a folder named pictures/. This is the approach I'm going with as of now, and later on I guess I will have to store all media files in the cloud?
However, let's say user A creates a post and uploads image A. If user A then creates another post and uploads the same image A, then it remains the same in the folder, and I don't really understand if it's supposed to be this way considering that another post has just been created. Think of the idea like Reddit or Twitter etc.
uploadpost.php
<?php
session_start();
include_once 'includes/dbh.inc.php';
$id = $_SESSION["userid"];

if (isset($_POST["submitimgvid"])) {
    // Form fields, taken as submitted
    $title = $_POST["title"];
    $users_id = $_POST["users_id"];
    $content = $_POST["content"];
    $date_created = $_POST["date_created"];

    // Upload metadata
    $file = $_FILES['file'];
    $fileName = $_FILES['file']['name'];
    $fileTmpName = $_FILES['file']['tmp_name'];
    $fileSize = $_FILES['file']['size'];
    $fileError = $_FILES['file']['error'];
    $fileType = $_FILES['file']['type'];

    // Extension is taken from the client-supplied file name
    $fileExt = explode('.', $fileName);
    $fileActualExt = strtolower(end($fileExt));
    $allowed = array('jpg', 'jpeg', 'png', 'mp4');

    // Stored name = original name + user id + extension, so the same user
    // uploading the same file name always gets the same destination path
    $fileNameNew = $fileName.$id.".".$fileActualExt;
    $fileDestination = 'pictures/'.$fileNameNew;

    if (in_array($fileActualExt, $allowed)) {
        if ($fileError === 0) {
            if ($fileSize < 50000000) {
                move_uploaded_file($fileTmpName, $fileDestination);
                // Values are placed directly into the SQL string
                $sql = "INSERT INTO media (title, users_id, content, date_created, imagepath) VALUES ('$title','$id','$content','$date_created', '$fileDestination');";
                $result = mysqli_query($conn, $sql);
                header("Location: home.php?uploadsuccess");
            } else {
                echo "Your file is too big!";
            }
        } else {
            echo "There was an error uploading your file!";
        }
    } else {
        echo "You cannot upload files of this type!";
    }
}
Is the image supposed to be reuploaded or stacked upon each other in the folder or am I misunderstanding here?
CodePudding user response:
There are two points I'd like to react to:
- First, storing assets in your local folder is rarely a good idea. It will saturate your server (since it'll serve and execute PHP files AND serve the assets, whose weight is orders of magnitude bigger). I'd suggest storing them in a cloud storage such as AWS S3 and making use of a CDN for replication if your assets are to be consulted from multiple places around the globe.
- Second, you want to give random names to your files to prevent overwriting (and losing old files) and some potential security flaws. You also want to perform hard checks on the file (not just an extension check but a deep data check to ensure these are the files they claim to be). Thus, you will avoid the need to think about names. A good scheme would be to generate a random UUID for a file (if they are too long for your taste, you might want to use some shorter version).
As a third point, I'd talk about potential SQL injections. You should use prepared queries and sanitize your inputs.
CodePudding user response:
Even if the file names are the same (A), you don't know if their contents are different without comparing them. If you want to avoid the additional overhead of comparing file contents, you can just save the uploaded files with incremental file names, random file names, or a combination of file ID from the database and user ID, etc.
You can also create a date/month folder hierarchy to keep the images more organized.
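
Added example (not part of the original question or answers): one way to combine the suggestions from both responses above, namely a content-type check on the file bytes, a random file name inside a year/month folder, and a prepared statement. It assumes the question's `$conn` mysqli connection and `media` table, PHP 7+ with the fileinfo extension, and a server-generated `date_created`; `storeUpload` and `UploadError` are hypothetical names.

```php
<?php
// Added example, not the asker's code. Assumes $conn (mysqli) from
// includes/dbh.inc.php and the `media` table used in the question.
session_start();
include_once 'includes/dbh.inc.php';

class UploadError extends Exception {}
// The stored extension comes from the detected content type, never from the client's file name.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'video/mp4' => 'mp4'];
const MAX_BYTES = 50000000; // same limit as the question's code

function storeUpload(array $file, string $baseDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] >= MAX_BYTES) {
        throw new UploadError('Upload failed or file too big');
    }
    // Inspect the bytes themselves; $_FILES[...]['type'] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null) {
        throw new UploadError('File type not allowed');
    }
    // Year/month folder plus a random 128-bit name: no overwrites, no user input in the path.
    $dir = $baseDir . '/' . date('Y/m');
    if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
        throw new UploadError('Cannot create upload folder');
    }
    $path = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $path)) {
        throw new UploadError('Could not store upload');
    }
    return $path;
}

if (isset($_POST['submitimgvid'], $_FILES['file'], $_SESSION['userid'])) {
    try {
        $path = storeUpload($_FILES['file'], 'pictures');
        // Prepared statement: values are bound, never concatenated into the SQL text.
        $stmt = mysqli_prepare($conn, 'INSERT INTO media (title, users_id, content, date_created, imagepath) VALUES (?, ?, ?, ?, ?)');
        [$title, $content] = [$_POST['title'] ?? '', $_POST['content'] ?? ''];
        // Assumption: the owner comes from the session and the timestamp from the server, not the form.
        [$userId, $now] = [$_SESSION['userid'], date('Y-m-d H:i:s')];
        mysqli_stmt_bind_param($stmt, 'sssss', $title, $userId, $content, $now, $path);
        mysqli_stmt_execute($stmt);
        header('Location: home.php?uploadsuccess');
        exit;
    } catch (UploadError $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```

With this naming, uploading the same image twice produces two separate files, so each post keeps its own copy and deleting one post cannot remove another post's media.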